ID CVE-2006-7115
Summary SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
References
Vulnerable Configurations
  • cpe:2.3:a:phpkit:phpkit:1.6.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:phpkit:phpkit:1.6.1:rc2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21002
bugtraq 20061110 PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
misc http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_Exploit.htm
osvdb 31265
secunia 17479
sreason 2357
xf phpkit-faq-sql-injection(30209)
Last major update 16-10-2018 - 16:29
Published 06-03-2007 - 01:19
Last modified 16-10-2018 - 16:29
Back to Top